During an overhaul of its onboarding process, a mid-sized company wants to weave security controls into every step that a new employee takes on their first day. Which change to the documented onboarding procedure would be the most effective at protecting corporate assets while still enabling new hires to be productive?
Access to internal resources is immediately granted to new hires, with a formal security orientation scheduled after their first month of employment.
New hires are given minimal guidance to encourage self-learning about security practices, providing full access to internal systems to promote immediate immersion.
Network credentials are provided after completion of comprehensive security training on the first day, followed by access that is scaled up based on role-specific requirements.
Full network access is granted on the first day with a briefing held by the security team, supplemented by email reminders about security policies.
Requiring new hires to complete security awareness training before any network credentials are issued ensures they understand organizational policies and their responsibilities. Granting only the minimum role-based access they need after training limits potential damage if an account is compromised. Additional privileges can then be added as employees demonstrate continued compliance, reflecting the principle of least privilege. Approaches that grant full access before training or postpone training increase the window of exposure and contradict accepted best practices.